Skip to content

Pull requests: SigmaHQ/sigma

New pull request New
61 Open 4,837 Closed
61 Open 4,837 Closed
Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Reviews
Filter by reviews
No reviews Review required Approved review Changes requested
Assignee
Filter by who’s assigned
Assigned to nobody Loading
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Pull requests list

React2shell Sigma Rules Emerging-Threats Review Needed The PR requires review Rules
#5795 opened Dec 6, 2025 by swachchhanda000 Loading…
Rename Auditd Folder Entries Linux Pull request add/update linux related rules Maintenance Related to additions and update of the repository features Review Needed The PR requires review Rules
#5793 opened Dec 5, 2025 by nasbench Loading… Sigma-January-Release
2
Add SSH brute force detection rule Linux Pull request add/update linux related rules Review Needed The PR requires review Rules
#5792 opened Dec 4, 2025 by LB89-code Draft
1
bugfix: update proc_creation_macos_gui_input_capture.yml - osascript … MacOS Pull request add/update macos related rules Ready to Merge Review Needed The PR requires review Rules
#5791 opened Dec 4, 2025 by Niicolaa Loading… Sigma-January-Release
4
Metadata Updates - Batch 1 Review Needed The PR requires review Rules Windows Pull request add/update windows related rules
#5790 opened Dec 3, 2025 by nasbench Loading… Sigma-January-Release
@nasbench
fix: Add fps filter observed on ARM-based Windows updates Ready to Merge Rules Windows Pull request add/update windows related rules
#5789 opened Dec 3, 2025 by swachchhanda000 Loading… Sigma-January-Release
15
Recon via RDP Logging Event Ready to Merge Rules Windows Pull request add/update windows related rules
#5788 opened Dec 3, 2025 by swachchhanda000 Loading… Sigma-January-Release
2
Add Detection Rule for Oracle OIM Pre-Auth Authentication Bypass (CVE-2025-61757) Emerging-Threats Review Needed The PR requires review Rules Work In Progress Some changes are needed
#5781 opened Nov 29, 2025 by YxinMiracle Loading…
5
fix: FPs on docker images Linux Pull request add/update linux related rules Review Needed The PR requires review Rules
#5780 opened Nov 28, 2025 by marius-benthin Loading… Sigma-January-Release
@nasbench
15
fix: add some filters or tune rules to reduce false positives Ready to Merge Rules Windows Pull request add/update windows related rules
#5778 opened Nov 27, 2025 by swachchhanda000 Loading… Sigma-January-Release
6
feat: more edrfreeze rules Maintenance Related to additions and update of the repository features Review Needed The PR requires review Rules Windows Pull request add/update windows related rules
#5777 opened Nov 27, 2025 by swachchhanda000 Loading…
1
Added rules related to ArcGIS Server Object Extension abuse Review Needed The PR requires review Rules Windows Pull request add/update windows related rules
#5774 opened Nov 25, 2025 by mbabinski Loading… Sigma-January-Release
16
feat: Shai-Hulud: The Second Coming Rules Emerging-Threats Linux Pull request add/update linux related rules Review Needed The PR requires review Rules Windows Pull request add/update windows related rules
#5772 opened Nov 25, 2025 by swachchhanda000 Loading… Sigma-January-Release
1
add: Linux setcap setuid Linux Pull request add/update linux related rules Review Needed The PR requires review Rules
#5771 opened Nov 25, 2025 by EzLucky Loading… Sigma-January-Release
4
Add detection rule for Chaos/Darkside Ransomware style hidden Cmd launching suspicious targets Review Needed The PR requires review Rules Windows Pull request add/update windows related rules
#5767 opened Nov 20, 2025 by vl43den Loading… Sigma-January-Release
@swachchhanda000
2
Add Correlation Support Work In Progress Some changes are needed
#5759 opened Nov 17, 2025 by nasbench Draft
7 tasks
Sigma-January-Release
@nasbench
Add DPI-based network rule for responder footprints detection Additional Data Needed Author Input Required changes the require information from original author of the rules Review Needed The PR requires review Rules
#5751 opened Nov 11, 2025 by cogResearch Loading…
4
feat: phantom DLL hijacking rules Author Input Required changes the require information from original author of the rules Review Needed The PR requires review Rules Windows Pull request add/update windows related rules
#5749 opened Nov 10, 2025 by swachchhanda000 Loading… Sigma-January-Release
@swachchhanda000
6
3 New rules Additional Data Needed Author Input Required changes the require information from original author of the rules Rules Windows Pull request add/update windows related rules
#5747 opened Nov 8, 2025 by louiselalanne Loading…
4
new: bindfltapi.dll execution by suspicious process Rules Windows Pull request add/update windows related rules
#5744 opened Nov 6, 2025 by vl43den Loading…
Feat: susp msix/appX package installation detection Maintenance Related to additions and update of the repository features Review Needed The PR requires review Rules Windows Pull request add/update windows related rules
#5741 opened Nov 3, 2025 by swachchhanda000 Loading… Sigma-January-Release
@nasbench
8
API_Hooking_detection Linux Pull request add/update linux related rules Rules
#5739 opened Nov 2, 2025 by AAtashGar Loading…
1
Add detection rules for abuse of OpenEDR's response features Author Input Required changes the require information from original author of the rules Rules Windows Pull request add/update windows related rules
#5716 opened Oct 22, 2025 by tsale Loading…
9
macOS process create detections related to Bluenoroff macOS intrusion MacOS Pull request add/update macos related rules Rules
#5700 opened Oct 17, 2025 by stuartjash Loading…
1
add detection rule for suspicious use of BrowserCore.exe in PRT extra… Author Input Required changes the require information from original author of the rules Rules Windows Pull request add/update windows related rules Work In Progress Some changes are needed
#5676 opened Oct 3, 2025 by e0909 Loading…
12
ProTip! Mix and match filters to narrow down what you’re looking for.